If security problems are found faster, they can be fixed faster. We should get suspicious if no security problems are found any more. Then someone maybe tries to hide them, doesn't care, or development on the software just has stopped (the latter case would be obvious though).
So maybe we could use the time after a release until a security problem is found, and the number of security problems found as an indicator how good the security of the software is: The faster problems are found and the more problems are found the better the security. This might sound counter-intuitive, but not if you think about it. It shows that the _process_ of security is doing well.
Maybe you are, maybe not. This question goes very far: What is consciousness ?
I can't answer this question (and I guess nobody can). But at least I can provide a link to a nice collection of scientific articles that try to answer the question:
I did not trust WEP even before this tools were released. I read a bit about securing the connection independent of the wireless equipment. Treating the wireless connection like a public network, I set up a Virtual Private Network (VPN). I'd like to share my experiences:
First I tried to setup IPSec. It was a nightmare. Although I know a lot about computers and networks I did not manage to setup IPSec. It's configuration is so complicated, I have no clue. Although, it must be possible to get IPSec running, maybe it's just me who is too stupid:).
IPSec would have been the most secure solution, but despite public belief it's not that secure:
http://www.schneier.com/paper-ipsec.html
Then I tried Cipe. It was very easy to get it running, but it's horribly insecure. Peter Gutmann wrote a nice article, which was in the news on slashdot some time ago:
http://lists.virus.org/cryptography-0309/msg00257. html
In that article I read about tinc, which I now use. It's almost as easy to setup as cipe, but more secure (although not perfect and not as good as IPSec). Here is the answer of the developers of tinc to Peter Gutmann's article:
http://www.tinc-vpn.org/security
So, maybe if you believe them it's not that bad, I'm not sure about this.
I think one great advantage of the VPN-solutions is that AFAIK there are no tools available that make cracking them as easy as cracking WEP. So the "common War Driver" or Script Kiddie has no clue what to do, you'd need some kind of expert to crack your connection. And, if such an expert is trying to break your security, you maybe have a bigger problem anyway.
I just wanted to have an acceptable level of security and lock War Drivers out.
Slashdot Mirror
If security problems are found faster, they can be fixed faster. We should get suspicious if no security problems are found any more. Then someone maybe tries to hide them, doesn't care, or development on the software just has stopped (the latter case would be obvious though).
So maybe we could use the time after a release until a security problem is found, and the number of security problems found as an indicator how good the security of the software is: The faster problems are found and the more problems are found the better the security. This might sound counter-intuitive, but not if you think about it. It shows that the _process_ of security is doing well.
> It's no different if I went out and bought a Microsoft program
I guess it's especially bad to copy a Microsoft program, compared with sharing another company's program.
Maybe you are, maybe not. This question goes very far: What is consciousness ?
I can't answer this question (and I guess nobody can). But at least I can provide a link to a nice collection of scientific articles that try to answer the question:
http://consc.net/online.html
If you mean the tunnel-functionality of ssh, it maybe is a bad idea.
t ml
Have a look at this text written by Olaf Titz, the author of cipe: Why TCP Over TCP Is A Bad Idea.
http://sites.inka.de/sites/bigred/devel/tcp-tcp.h
Thanks, I'll try it !
I did not trust WEP even before this tools were released. I read a bit about securing the connection independent of the wireless equipment. Treating the wireless connection like a public network, I set up a Virtual Private Network (VPN). I'd like to share my experiences:
:).
IPSec would have been the most secure solution, but despite public belief it's not that secure:
. html
First I tried to setup IPSec. It was a nightmare. Although I know a lot about computers and networks I did not manage to setup IPSec. It's configuration is so complicated, I have no clue. Although, it must be possible to get IPSec running, maybe it's just me who is too stupid
http://www.schneier.com/paper-ipsec.html
Then I tried Cipe. It was very easy to get it running, but it's horribly insecure. Peter Gutmann wrote a nice article, which was in the news on slashdot some time ago:
http://lists.virus.org/cryptography-0309/msg00257
In that article I read about tinc, which I now use. It's almost as easy to setup as cipe, but more secure (although not perfect and not as good as IPSec). Here is the answer of the developers of tinc to Peter Gutmann's article:
http://www.tinc-vpn.org/security
So, maybe if you believe them it's not that bad, I'm not sure about this.
I think one great advantage of the VPN-solutions is that AFAIK there are no tools available that make cracking them as easy as cracking WEP. So the "common War Driver" or Script Kiddie has no clue what to do, you'd need some kind of expert to crack your connection. And, if such an expert is trying to break your security, you maybe have a bigger problem anyway.
I just wanted to have an acceptable level of security and lock War Drivers out.